• KSII Transactions on Internet and Information Systems
    Monthly Online Journal (eISSN: 1976-7277)

RPFuzzer: A Framework for Discovering Router Protocols Vulnerabilities Based on Fuzzing

Vol. 7, No. 8, August 29, 2013
10.3837/tiis.2013.08.014, Download Paper (Free):

Abstract

How to discover router vulnerabilities effectively and automatically is a critical problem to ensure network and information security. Previous research on router security is mostly about the technology of exploiting known flaws of routers. Fuzzing is a famous automated vulnerability finding technology; however, traditional Fuzzing tools are designed for testing network applications or other software. These tools are not or partly not suitable for testing routers. This paper designs a framework of discovering router protocol vulnerabilities, and proposes a mathematical model Two-stage Fuzzing Test Cases Generator(TFTCG) that improves previous methods to generate test cases. We have developed a tool called RPFuzzer based on TFTCG. RPFuzzer monitors routers by sending normal packets, keeping watch on CPU utilization and checking system logs, which can detect DoS, router reboot and so on. RPFuzzer’ debugger based on modified Dynamips, which can record register values when an exception occurs. Finally, we experiment on the SNMP protocol, find 8 vulnerabilities, of which there are five unreleased vulnerabilities. The experiment has proved the effectiveness of RPFuzzer.


Statistics

Show / Hide Statistics

Statistics (Cumulative Counts from December 1st, 2015)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article

[IEEE Style]
Z. Wang, Y. Zhang, Q. Liu, "RPFuzzer: A Framework for Discovering Router Protocols Vulnerabilities Based on Fuzzing," KSII Transactions on Internet and Information Systems, vol. 7, no. 8, pp. 1989-2009, 2013. DOI: 10.3837/tiis.2013.08.014.

[ACM Style]
Zhiqiang Wang, Yuqing Zhang, and Qixu Liu. 2013. RPFuzzer: A Framework for Discovering Router Protocols Vulnerabilities Based on Fuzzing. KSII Transactions on Internet and Information Systems, 7, 8, (2013), 1989-2009. DOI: 10.3837/tiis.2013.08.014.

[BibTeX Style]
@article{tiis:20353, title="RPFuzzer: A Framework for Discovering Router Protocols Vulnerabilities Based on Fuzzing", author="Zhiqiang Wang and Yuqing Zhang and Qixu Liu and ", journal="KSII Transactions on Internet and Information Systems", DOI={10.3837/tiis.2013.08.014}, volume={7}, number={8}, year="2013", month={August}, pages={1989-2009}}